Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability by branden_robinson

CVE-2009-1573 (GCVE-0-2009-1573)

Vulnerability from cvelistv5 – Published: 2009-05-06 17:00 – Updated: 2024-08-07 05:20
VLAI?
Summary
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-05-05 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:20:34.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/05/05/2"
          },
          {
            "name": "[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/05/05/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678"
          },
          {
            "name": "39834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39834"
          },
          {
            "name": "34828",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34828"
          },
          {
            "name": "xvfbrun-magiccookie-info-disclosure(50348)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348"
          },
          {
            "name": "ADV-2010-1185",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1185"
          },
          {
            "name": "USN-939-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-939-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/05/05/2"
        },
        {
          "name": "[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/05/05/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678"
        },
        {
          "name": "39834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39834"
        },
        {
          "name": "34828",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34828"
        },
        {
          "name": "xvfbrun-magiccookie-info-disclosure(50348)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348"
        },
        {
          "name": "ADV-2010-1185",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1185"
        },
        {
          "name": "USN-939-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-939-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1573",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/05/05/2"
            },
            {
              "name": "[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/05/05/4"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678"
            },
            {
              "name": "39834",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39834"
            },
            {
              "name": "34828",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34828"
            },
            {
              "name": "xvfbrun-magiccookie-info-disclosure(50348)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348"
            },
            {
              "name": "ADV-2010-1185",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1185"
            },
            {
              "name": "USN-939-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-939-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1573",
    "datePublished": "2009-05-06T17:00:00.000Z",
    "dateReserved": "2009-05-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:20:34.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}